Conversations 10: Michelle Dennedy, privacy engineering

Why do so many internet applications end up being hit with privacy disasters? Why not make sure they handle personal data properly to begin with? There’s a process for that, and it’s called “privacy engineering”.

Michelle Dennedy is chief privacy officer with information security firm McAfee and, along with a family member and her business partner, is co-author of the book The Privacy Engineer’s Manifesto: Getting from Policy to Code to QA to Value. The ebook is available for free.

“Oftentimes what you find is that [privacy] is the realm of the lawyer, or the risk manager if you’re lucky, or maybe the odd finance guy will wander into the cave every now and again,” Dennedy said. “Then you go and you talk to the people who are slinging code, or buying services or software or techniques, or going to the cloud and dreaming up technical stuff, and they say to you, ‘Kinda leave us in our cave over here, and go write your little policies, they’re so cute, and then maybe at the end of it — maybe — you get to write some terms and conditions to get me out of my obligations.'”

You recognise that scenario, right? It’s another of those ethical shortfalls, where the rules that society has agreed to operate by are seen as just another inconvenience to be avoided.

Privacy engineering is the process of turning various policies, from privacy laws to the needs of the business’ plan for data, into something that programmers can work with — indeed, something they’ll want to work with because it’s now an engineering problem. It’s also something that quality assurance (QA) processes can deal with.

[Photo: Original photo of Michelle Dennedy via BankInfoSecurity.com, not credited. Digital manipulation by Stilgherrian, available for re-use under a Creative Commons Attribution-NoDerivs license (CC BY-ND).]